<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
<meta name="theme-color" content="#222">
<meta name="generator" content="Hexo 5.2.0">
  <link rel="apple-touch-icon" sizes="180x180" href="/images/favicon-16x16-next.png">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png">
  <link rel="mask-icon" href="/images/logo.svg" color="#222">

<link rel="stylesheet" href="/css/main.css">


<link rel="stylesheet" href="/lib/font-awesome/css/all.min.css">
  <link rel="stylesheet" href="../css/theme-pace.css">
  <script src="https://cdn.jsdelivr.net/npm/pace-js@1.0.2/pace.min.js"></script>

<script id="hexo-configurations">
    var NexT = window.NexT || {};
    var CONFIG = {"hostname":"website.gitee.io","root":"/","scheme":"Muse","version":"7.8.0","exturl":false,"sidebar":{"position":"left","display":"post","padding":18,"offset":12,"onmobile":false},"copycode":{"enable":false,"show_result":false,"style":null},"back2top":{"enable":true,"sidebar":false,"scrollpercent":false},"bookmark":{"enable":false,"color":"#222","save":"auto"},"fancybox":false,"mediumzoom":false,"lazyload":false,"pangu":false,"comments":{"style":"tabs","active":null,"storage":true,"lazyload":false,"nav":null},"algolia":{"hits":{"per_page":10},"labels":{"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}},"localsearch":{"enable":false,"trigger":"auto","top_n_per_article":1,"unescape":false,"preload":false},"motion":{"enable":false,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}}};
  </script>

  <meta name="description" content="前言&amp;#8194;&amp;#8194;跨域问题可以说是前端调试接口时最常见的问题之一了，那么怎么解决跨域呢？在掌握如何跨域前，我们先来了解一下什么是跨域吧 ↓↓↓">
<meta property="og:type" content="article">
<meta property="og:title" content="前端解决跨域">
<meta property="og:url" content="https://website.gitee.io/2020/12/14/crossDomain/index.html">
<meta property="og:site_name" content="别林小筑">
<meta property="og:description" content="前言&amp;#8194;&amp;#8194;跨域问题可以说是前端调试接口时最常见的问题之一了，那么怎么解决跨域呢？在掌握如何跨域前，我们先来了解一下什么是跨域吧 ↓↓↓">
<meta property="og:locale" content="en_US">
<meta property="og:image" content="https://website.gitee.io/2020/12/14/crossDomain/page_bg_01.png">
<meta property="article:published_time" content="2020-12-14T01:57:10.000Z">
<meta property="article:modified_time" content="2020-12-16T07:12:57.160Z">
<meta property="article:author" content="蓝眸">
<meta property="article:tag" content="javascript">
<meta property="article:tag" content="浏览器">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://website.gitee.io/2020/12/14/crossDomain/page_bg_01.png">

<link rel="canonical" href="https://website.gitee.io/2020/12/14/crossDomain/">


<script id="page-configurations">
  // https://hexo.io/docs/variables.html
  CONFIG.page = {
    sidebar: "",
    isHome : false,
    isPost : true,
    lang   : 'en'
  };
</script>

  <title>前端解决跨域 | 别林小筑</title>
  






  <noscript>
  <style>
  .use-motion .brand,
  .use-motion .menu-item,
  .sidebar-inner,
  .use-motion .post-block,
  .use-motion .pagination,
  .use-motion .comments,
  .use-motion .post-header,
  .use-motion .post-body,
  .use-motion .collection-header { opacity: initial; }

  .use-motion .site-title,
  .use-motion .site-subtitle {
    opacity: initial;
    top: initial;
  }

  .use-motion .logo-line-before i { left: initial; }
  .use-motion .logo-line-after i { right: initial; }
  </style>
</noscript>

</head>

<body itemscope itemtype="http://schema.org/WebPage">
  <div class="container">

    <header class="header header-view" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-cont"><div class="site-brand-container">
  <div class="site-nav-toggle">
    <div class="toggle" aria-label="Toggle navigation bar">
      <span class="toggle-line toggle-line-first"></span>
      <span class="toggle-line toggle-line-middle"></span>
      <span class="toggle-line toggle-line-last"></span>
    </div>
  </div>

  <div class="site-meta">

    <a href="/" class="brand" rel="start">
      <span class="logo-line-before"><i></i></span>
      <h1 class="site-title">别林小筑</h1>
      <span class="logo-line-after"><i></i></span>
    </a>
      <p class="site-subtitle" itemprop="description">web前端</p>
  </div>

  <div class="site-nav-right">
    <div class="toggle popup-trigger">
    </div>
  </div>
</div>






<nav class="site-nav">
  <ul id="menu" class="main-menu menu">
        <li class="menu-item menu-item-首页">

    <a href="/" rel="section"><i class="fa fa-home fa-fw"></i><span>首页</span></a>

  </li>
        <li class="menu-item menu-item-tags">

    <a href="/tags/" rel="section"><i class="fa fa-tags fa-fw"></i><span>Tags</span></a>

  </li>
        <li class="menu-item menu-item-列表">

    <a href="/archives/" rel="section"><i class="fa fa-archive fa-fw"></i><span>列表</span></a>

  </li>
        <li class="menu-item menu-item-关于博主">

    <a href="/intro" rel="section"><i class="fa fa-archive fa-fw"></i><span>关于博主</span></a>

  </li>
        <li class="menu-item menu-item-友情链接">

    <a href="/friend" rel="section"><i class="fa fa-archive fa-fw"></i><span>友情链接</span></a>

  </li>
  </ul>
</nav>


<div class="header-weather">
    <div class="header-weather-cont">
       <iframe width="350" scrolling="no" height="70" frameborder="0" allowtransparency="true" src="https://i.tianqi.com?c=code&id=37&icon=4&site=12" style="color:#555;"></iframe>
    </div>
</div>



</div>
    </header>

    
  <div class="back-to-top">
    <i class="fa fa-arrow-up"></i>
    <span>0%</span>
  </div>


    <main class="main">
      <div class="main-inner">
        <div class="content-wrap">
          

          <div class="content post posts-expand">
            

    
  
  
  <article itemscope itemtype="http://schema.org/Article" class="post-block" lang="en">
    <link itemprop="mainEntityOfPage" href="https://website.gitee.io/2020/12/14/crossDomain/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="image" content="/images/laji02.png">
      <meta itemprop="name" content="蓝眸">
      <meta itemprop="description" content="欢迎来到林中小筑小憩，本站收录一些我在开发时收集的一些笔记和我对前端技术认知和见解。如有不对之处，还望不吝赐教。">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="别林小筑">
    </span>
      <header class="post-header">
        <h1 class="post-title" itemprop="name headline">
          前端解决跨域
        </h1>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="far fa-calendar"></i>
              </span>
              <span class="post-meta-item-text">Posted on</span>

              <time title="Created: 2020-12-14 09:57:10" itemprop="dateCreated datePublished" datetime="2020-12-14T09:57:10+08:00">2020-12-14</time>
            </span>
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="far fa-calendar-check"></i>
                </span>
                <span class="post-meta-item-text">Edited on</span>
                <time title="Modified: 2020-12-16 15:12:57" itemprop="dateModified" datetime="2020-12-16T15:12:57+08:00">2020-12-16</time>
              </span>

          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
        <p><img src="/2020/12/14/crossDomain/page_bg_01.png" alt="Background" title="跨域"></p>
<h2 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h2><p>&#8194;&#8194;跨域问题可以说是前端调试接口时最常见的问题之一了，那么怎么解决跨域呢？在掌握如何跨域前，我们先来了解一下什么是跨域吧 ↓↓↓</p>
<a id="more"></a>
<p>提到跨域我们就得了解一下同源策略，什么是同源策略？</p>
<p>&#8194;&#8194;同源策略是一种约定，它是浏览器最核心也是最基本的安全功能，如果缺少了同源策略，浏览器很容易收到XSS，CSFR等恶意攻击。所谓 “ <strong>同源</strong>“ 是指 “ <strong>协议</strong>+<strong>域名</strong>+<strong>端口</strong>“ 三者相同,即便两个不同的域名指向同一个IP地址，也非同源。</p>
<h3 id="一个域名地址的组成："><a href="#一个域名地址的组成：" class="headerlink" title="一个域名地址的组成："></a>一个域名地址的组成：</h3><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">http:&#x2F;&#x2F;   www   .   baidu.com   :   8080  &#x2F;   script&#x2F;jquery.js</span><br><span class="line"></span><br><span class="line">协议     子域名       主域名          端口       请求资源路径     </span><br></pre></td></tr></table></figure>

<h5 id="当协议、子域名、主域名、端口号中任意一个不相同时，都算作不同域。不同域之间相互请求资源，就算做-“跨域”。"><a href="#当协议、子域名、主域名、端口号中任意一个不相同时，都算作不同域。不同域之间相互请求资源，就算做-“跨域”。" class="headerlink" title="当协议、子域名、主域名、端口号中任意一个不相同时，都算作不同域。不同域之间相互请求资源，就算做 “跨域”。"></a>当协议、子域名、主域名、端口号中任意一个不相同时，都算作不同域。不同域之间相互请求资源，就算做 “跨域”。</h5><p>特别说明两点：<br>   <figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">第一：如果是协议和端口造成的跨域问题，前端都是无能为力的。</span><br><span class="line">第二：在跨域问题，仅仅是通过&quot;URL的首部&quot;来识别而不会根据域名对应的IP地址是否相同来判断。</span><br><span class="line">    &quot;URL的首部&quot;可以理解为&quot;协议&quot;，域名和端口必须匹配。</span><br></pre></td></tr></table></figure></p>
<h2 id="正题"><a href="#正题" class="headerlink" title="正题"></a>正题</h2><h3 id="跨域解决方案"><a href="#跨域解决方案" class="headerlink" title="跨域解决方案"></a>跨域解决方案</h3><p>&#8194;&#8194;跨域的解决方案有很多种，这里列举五种(JSONP、CORS、websocket、Node中间件代理(两次跨域)、Nginx反向代理)</p>
<h4 id="JSONP"><a href="#JSONP" class="headerlink" title="JSONP"></a>JSONP</h4><p>&#8194;&#8194;JSONP是 JSON with Padding (填充式JSON或参数式JSON的简写)</p>
<p>&#8194;&#8194;JSONP实现跨域请求的原理简单来说，就是动态创建script标签，然后利用script标签的src属性不受同源策略限制的特性，来跨域获取数据。<br>&#8194;&#8194;JSONP 由两部分组成：回调函数和数据。回调函数就是当响应到来时应该在页面中调用的函数。回调函数的名字一般是在请求中指定的。而数据就是传入回调函数中的JSON数据。</p>
<h5 id="缺陷"><a href="#缺陷" class="headerlink" title="缺陷"></a>缺陷</h5><p>&#8194;&#8194;仅支持GET请求方式。<br>&#8194;&#8194;JSONP是从其它域加载代码执行，如果其它域不安全，很可能响应中夹带一些恶意代码，而此时除了完全放弃JSONP调用玩，没有办法追究。因此在使用不是自己运维的web服务时，一定得保证它安全、可靠。<br>&#8194;&#8194;要确定JSONP请求是否失败并不容易，虽然HTML5给script标签新增了一个onerror事件处理程序，但目前还没有得到任何浏览器支持。为此，开发人员不得不使用计时器检测指定时间内是否收到响应。</p>
<hr>
<h4 id="CORS"><a href="#CORS" class="headerlink" title="CORS"></a>CORS</h4><p>&#8194;&#8194;CORS是一个W3C标准，全称是”跨域资源共享”(Corss-origin resource Sharing)”;它允许浏览器向跨源服务器发出XML HttpsRequest请求，从而克服了AJAX只能同源使用的限制。CROS需要浏览器和服务器同时支持，目前，所有浏览器都支持该功能，IE浏览器不能低于IE10。</p>
<p>&#8194;&#8194;整个CORS通信过程，都是浏览器自动完成，不需要用户参与。对于开发者而言，CORS通信与同源的AJAX通信没什么区别，代码完全一样。浏览器一旦发现AJAX请求跨源，就会自动添加一些附加的头信息，有时还会多发出一次附加的请求，但用户不会有感觉。</p>
<p>&#8194;&#8194;因此，实现CORS通信的关键是服务器。只要服务器实现了CORS接口，就可以跨域通信。</p>
<p>原理：<br>&#8194;&#8194;浏览器会将ajax请求分为两类，其处理方案略有差异:简单请求(simple request)、特殊请求(not-so-simple request)。</p>
<h4 id="两种请求"><a href="#两种请求" class="headerlink" title="两种请求"></a>两种请求</h4><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">(1)请求方法是一下三种方法之一：</span><br><span class="line">    HEAD</span><br><span class="line">    GET</span><br><span class="line">    POST</span><br><span class="line"></span><br><span class="line">(2)HTTP的头信息不会超出以下几种字段:</span><br><span class="line">    Accept</span><br><span class="line">    Accept-Language</span><br><span class="line">    Content-Language</span><br><span class="line">    Last-Event-ID</span><br><span class="line">    Content-Type: 只限于三个值 application&#x2F;x-www-form-urlencoded、multipart&#x2F;form-data、text&#x2F;plain</span><br></pre></td></tr></table></figure>

<h4 id="凡是同时满足上面两种情况的就是简单请求，反之则是非简单请求，浏览器对这两种请求的处理方式不一样。"><a href="#凡是同时满足上面两种情况的就是简单请求，反之则是非简单请求，浏览器对这两种请求的处理方式不一样。" class="headerlink" title="凡是同时满足上面两种情况的就是简单请求，反之则是非简单请求，浏览器对这两种请求的处理方式不一样。"></a>凡是同时满足上面两种情况的就是简单请求，反之则是非简单请求，浏览器对这两种请求的处理方式不一样。</h4><p>对于简单请求而言，浏览器之间发送请求，具体来说就是在头信息中增加一个origin字段</p>
<p>注意看这个示例，浏览器发现这次跨源AJAX请求是简单请求，就自动在头信息中，添加一个origin字段。</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">GET &#x2F;cors HTTP&#x2F;1.1</span><br><span class="line">Origin: http:&#x2F;&#x2F;api.bob.com</span><br><span class="line">Host: api.alice.com</span><br><span class="line">Accept-Language: en-US</span><br><span class="line">Connection: keep-alive</span><br><span class="line">User-Agent: Mozilla&#x2F;5.0...</span><br></pre></td></tr></table></figure>
<p>上面的头信息中，Origin字段用来说明，本次请求来自哪个源(协议 + 域名 + 端口)。服务器根据这个值，决定是否同意这次请求。</p>
<p>如果Origin指定的源不在许可范围内，服务器就会返回一个正常的HTTP回应。浏览器发现，这个回应的头信息没有包含Access-Control-Allow-Origin字段，就知道出错了，从而抛出一个错误，被XMLHttpRequest的onerror回调函数捕获。注意，这种错误码无法通过状态码识别，因为HTTP回应的状态码可能是200。</p>
<p>如果Origin指定的域名在许可范围内，服务器返回的响应，会多出几个头信息字段。</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">Access-Control-Allow-Origin: http:&#x2F;&#x2F;api.bob.com</span><br><span class="line">Access-Control-Allow-Credentials: true</span><br><span class="line">Access-Control-Expose-Headers: FooBar</span><br><span class="line">Content-Type: text&#x2F;html; charset&#x3D;utf-8</span><br></pre></td></tr></table></figure>

<p>上面的头信息之中，有三个与CORS请求相关的字段，都以Access-Control开头。</p>
<p><strong>（1）Access-Control-Allow-Origin</strong><br>&#8194;&#8194;该字段是必须的，它的值要么是请求时Origin字段的值，要么是一个 * ,表示接收任意域名的请求。</p>
<p><strong>（2）Access-Control-Allow-Credentials</strong><br>&#8194;&#8194;该字段可选，它的值是一个布尔值，表示是否允许发送Cookie。默认情况下，Cookie不包括在CORS请求之中。设为true，既表示服务器明确许可，Cookie可以包含在请求中，一起发给服务器。这个值也只能设为true,如果服务器不要浏览器发送Cookie，删除该字段即可。</p>
<p><strong>（3）Access-Control-Expose-Headers</strong><br>&#8194;&#8194;该字段可选。CORS请求时，XMLHttoRequest对象中的getReponseHeader()方法只能拿到6个基本字段:Cache-Control、Content-Language、Content-Type、Expires、Last-Modified、Pragma。如果想拿到其他字段，就必须在Access-Control-Expose-Headers里面指定。上例指定getResponseHeader(“FooBar”)可以拿到FooBar的值；</p>
<h5 id="withCredentials属性"><a href="#withCredentials属性" class="headerlink" title="withCredentials属性"></a>withCredentials属性</h5><p>上面说到，CORS请求默认不发送Cookie和HTTP认证信息。如果要把Cookie发到服务器，一方面要服务器同意，指定Access-Control-Allow-Crentials。</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">Access-Control-Allow-Credentials: true</span><br></pre></td></tr></table></figure>

<p>另一方面，开发者必须在AJAX请求中打开withCredentials</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">var xhr &#x3D; new XMLHttpRequest();</span><br><span class="line">xhr.withCredentials &#x3D; true</span><br></pre></td></tr></table></figure>

<p>否则，即使服务器同意发送。或者，服务器要求设置Cookie，浏览器也不会处理。<br>但是，如果省略withCredent设置，有的浏览器还是会一起Cookie,这时，可以显式关闭WithCredentials。</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">xhr.withCredentials &#x3D; false;</span><br></pre></td></tr></table></figure>

<p>需要注意的是，如果要发送Cookie，Access-Control-Allow-Origin 就不能设置为星号，必须指定明确的、与请求网页一直的域名。同时，Cookie依然遵循同源政策,只有用服务器域名设置的Cookie才会上传，其他域名的Cookie并不会上传，且(跨源)原网页代码中的document.cookie也无法读取服务器域名下的Cookie。</p>

    </div>
    
    <div>
  
    <div>
    
        <div style="text-align:center;color: #ccc;font-size:14px;">-------------本文结束&nbsp;<i class="fa fa-paw"></i>&nbsp;感谢您的阅读-------------</div>
    
</div>
  
</div>
    
    
    
        <div class="reward-container">
  <div>请我吃包辣条吧~</div>
  <button onclick="var qr = document.getElementById('qr'); qr.style.display = (qr.style.display === 'none') ? 'block' : 'none';">
    打赏
  </button>
  <div id="qr" style="display: none;">
      <div style="display: inline-block;">
        <img src="/images/weixin.png" alt="蓝眸 微信">
        <p>微信</p>
      </div>
      <div style="display: inline-block;">
        <img src="/images/zfb.png" alt="蓝眸 支付宝">
        <p>支付宝</p>
      </div>

  </div>
</div>


      <footer class="post-footer">
          <div class="post-tags">
              <a href="/tags/javascript/" rel="tag"># javascript</a>
              <a href="/tags/%E6%B5%8F%E8%A7%88%E5%99%A8/" rel="tag"># 浏览器</a>
          </div>

        


        
    <div class="post-nav">
      <div class="post-nav-item"></div>
      <div class="post-nav-item">
    <a href="/2020/12/15/es6Compatible/" rel="next" title="IE低版本不支持ES6语法的解决方案">
      IE低版本不支持ES6语法的解决方案 <i class="fa fa-chevron-right"></i>
    </a></div>
    </div>
      </footer>
    
  </article>
  
  
  



          </div>
          

<script>
  window.addEventListener('tabs:register', () => {
    let { activeClass } = CONFIG.comments;
    if (CONFIG.comments.storage) {
      activeClass = localStorage.getItem('comments_active') || activeClass;
    }
    if (activeClass) {
      let activeTab = document.querySelector(`a[href="#comment-${activeClass}"]`);
      if (activeTab) {
        activeTab.click();
      }
    }
  });
  if (CONFIG.comments.storage) {
    window.addEventListener('tabs:click', event => {
      if (!event.target.matches('.tabs-comment .tab-content .tab-pane')) return;
      let commentClass = event.target.classList[1];
      localStorage.setItem('comments_active', commentClass);
    });
  }
</script>

        </div>
          
  
  <div class="toggle sidebar-toggle">
    <span class="toggle-line toggle-line-first"></span>
    <span class="toggle-line toggle-line-middle"></span>
    <span class="toggle-line toggle-line-last"></span>
  </div>

  <aside class="sidebar">
    <div class="sidebar-inner">

      <ul class="sidebar-nav motion-element">
        <li class="sidebar-nav-toc">
          Table of Contents
        </li>
        <li class="sidebar-nav-overview">
          Overview
        </li>
      </ul>

      <!--noindex-->
      <div class="post-toc-wrap sidebar-panel">
          <div class="post-toc motion-element"><ol class="nav"><li class="nav-item nav-level-2"><a class="nav-link" href="#%E5%89%8D%E8%A8%80"><span class="nav-number">1.</span> <span class="nav-text">前言</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#%E4%B8%80%E4%B8%AA%E5%9F%9F%E5%90%8D%E5%9C%B0%E5%9D%80%E7%9A%84%E7%BB%84%E6%88%90%EF%BC%9A"><span class="nav-number">1.1.</span> <span class="nav-text">一个域名地址的组成：</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#%E5%BD%93%E5%8D%8F%E8%AE%AE%E3%80%81%E5%AD%90%E5%9F%9F%E5%90%8D%E3%80%81%E4%B8%BB%E5%9F%9F%E5%90%8D%E3%80%81%E7%AB%AF%E5%8F%A3%E5%8F%B7%E4%B8%AD%E4%BB%BB%E6%84%8F%E4%B8%80%E4%B8%AA%E4%B8%8D%E7%9B%B8%E5%90%8C%E6%97%B6%EF%BC%8C%E9%83%BD%E7%AE%97%E4%BD%9C%E4%B8%8D%E5%90%8C%E5%9F%9F%E3%80%82%E4%B8%8D%E5%90%8C%E5%9F%9F%E4%B9%8B%E9%97%B4%E7%9B%B8%E4%BA%92%E8%AF%B7%E6%B1%82%E8%B5%84%E6%BA%90%EF%BC%8C%E5%B0%B1%E7%AE%97%E5%81%9A-%E2%80%9C%E8%B7%A8%E5%9F%9F%E2%80%9D%E3%80%82"><span class="nav-number">1.1.0.1.</span> <span class="nav-text">当协议、子域名、主域名、端口号中任意一个不相同时，都算作不同域。不同域之间相互请求资源，就算做 “跨域”。</span></a></li></ol></li></ol></li></ol></li><li class="nav-item nav-level-2"><a class="nav-link" href="#%E6%AD%A3%E9%A2%98"><span class="nav-number">2.</span> <span class="nav-text">正题</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#%E8%B7%A8%E5%9F%9F%E8%A7%A3%E5%86%B3%E6%96%B9%E6%A1%88"><span class="nav-number">2.1.</span> <span class="nav-text">跨域解决方案</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#JSONP"><span class="nav-number">2.1.1.</span> <span class="nav-text">JSONP</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#%E7%BC%BA%E9%99%B7"><span class="nav-number">2.1.1.1.</span> <span class="nav-text">缺陷</span></a></li></ol></li><li class="nav-item nav-level-4"><a class="nav-link" href="#CORS"><span class="nav-number">2.1.2.</span> <span class="nav-text">CORS</span></a></li><li class="nav-item nav-level-4"><a class="nav-link" href="#%E4%B8%A4%E7%A7%8D%E8%AF%B7%E6%B1%82"><span class="nav-number">2.1.3.</span> <span class="nav-text">两种请求</span></a></li><li class="nav-item nav-level-4"><a class="nav-link" href="#%E5%87%A1%E6%98%AF%E5%90%8C%E6%97%B6%E6%BB%A1%E8%B6%B3%E4%B8%8A%E9%9D%A2%E4%B8%A4%E7%A7%8D%E6%83%85%E5%86%B5%E7%9A%84%E5%B0%B1%E6%98%AF%E7%AE%80%E5%8D%95%E8%AF%B7%E6%B1%82%EF%BC%8C%E5%8F%8D%E4%B9%8B%E5%88%99%E6%98%AF%E9%9D%9E%E7%AE%80%E5%8D%95%E8%AF%B7%E6%B1%82%EF%BC%8C%E6%B5%8F%E8%A7%88%E5%99%A8%E5%AF%B9%E8%BF%99%E4%B8%A4%E7%A7%8D%E8%AF%B7%E6%B1%82%E7%9A%84%E5%A4%84%E7%90%86%E6%96%B9%E5%BC%8F%E4%B8%8D%E4%B8%80%E6%A0%B7%E3%80%82"><span class="nav-number">2.1.4.</span> <span class="nav-text">凡是同时满足上面两种情况的就是简单请求，反之则是非简单请求，浏览器对这两种请求的处理方式不一样。</span></a><ol class="nav-child"><li class="nav-item nav-level-5"><a class="nav-link" href="#withCredentials%E5%B1%9E%E6%80%A7"><span class="nav-number">2.1.4.1.</span> <span class="nav-text">withCredentials属性</span></a></li></ol></li></ol></li></ol></li></ol></div>
      </div>
      <!--/noindex-->

      <div class="site-overview-wrap sidebar-panel">
        <div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
    <img class="site-author-image" itemprop="image" alt="蓝眸"
      src="/images/laji02.png">
  <img src="../images/author_name.png" />
  <div class="site-description" itemprop="description">欢迎来到林中小筑小憩，本站收录一些我在开发时收集的一些笔记和我对前端技术认知和见解。如有不对之处，还望不吝赐教。</div>
</div>
<div class="site-state-wrap motion-element">
  <nav class="site-state">
      <div class="site-state-item site-state-posts">
          <a href="/archives">
          <span class="site-state-item-count">3</span>
          <span class="site-state-item-name">posts</span>
        </a>
      </div>
      <div class="site-state-item site-state-tags">
        <span class="site-state-item-count">2</span>
        <span class="site-state-item-name">tags</span>
      </div>
  </nav>
</div>



      </div>

    </div>
  </aside>
  <div id="sidebar-dimmer"></div>


      </div>
    </main>

    <footer class="footer">
      <div class="footer-inner">
        

        

<div class="copyright">
  
  &copy; 
  <span itemprop="copyrightYear">2020</span>
  <span class="with-love">
    <i class="fa fa-heart"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">蓝眸</span>
</div>
  <div class="powered-by">Powered by <a href="https://hexo.io/" class="theme-link" rel="noopener" target="_blank">Hexo</a> & <a href="https://muse.theme-next.org/" class="theme-link" rel="noopener" target="_blank">NexT.Muse</a>
  </div>

        








      </div>
    </footer>
  </div>
 <canvas id="canvas"></canvas>
  
  <script src="/lib/anime.min.js"></script>

<script src="/js/utils.js"></script>


<script src="/js/schemes/muse.js"></script>


<script src="/js/next-boot.js"></script>




  















  

  


  <script src="../js/jquery-3.4.1.min.js"></script>
  <script type="text/javascript">
  var windowWidth = $(window).width();
  if (windowWidth > 480) {
    document.write('<script type="text/javascript" src="../js/snow.js"><\/script>');
  }
</script>
<script src="/live2dw/lib/L2Dwidget.min.js?094cbace49a39548bed64abff5988b05"></script><script>L2Dwidget.init({"pluginRootPath":"live2dw/","pluginJsPath":"lib/","pluginModelPath":"assets/","tagMode":false,"debug":false,"model":{"jsonPath":"/live2dw/assets/assets/z16.model.json"},"display":{"position":"right","width":150,"height":300},"mobile":{"show":true},"log":false});</script></body>
</html>
